#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Verify Permissions on passwd, shadow, group and gshadow Files

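# Initialize the variables this check exports.
# NOTE(review): presumably a driver script shows QUESTION/DESCRIPTION, evaluates
# PRECHECK and runs SOLUTION as root -- confirm against the caller.

# PRECHECK
#   The command substitution below sits inside double quotes, so both find
#   commands run NOW, while this assignment is evaluated. The stored string
#   therefore carries a fixed match count, not a live test.
#   A file is counted only if it has the expected mode AND is owned by
#   root:root. SOLUTION enforces both, and a mode-only check would report
#   "correct" for a 400 shadow file owned by a non-root account.
#   -perm without a prefix is an exact match, so a stricter mode such as 000
#   on /etc/shadow is not counted either; running SOLUTION would then loosen
#   it to 400.
#   NOTE(review): confirm that is acceptable on the target release.
#   The paths are spelled out rather than brace-expanded so the list reads the
#   same as the one in SOLUTION.
export PRECHECK="if [ $( (find /etc/shadow /etc/gshadow -perm 400 -user root -group root && find /etc/passwd /etc/group -perm 644 -user root -group root) | wc -l ) = 4 ]; then \
echo 'Permissions are correct.';\
fi"

# QUESTION / DESCRIPTION: operator-facing text, kept verbatim.
export QUESTION="Would you like to verify permissions of passwd, shadow, group and gshadow files"
export DESCRIPTION="These are the default permissions for these files. Many utilities need read access to the passwd file in order to function properly, but read access to the shadow file allows malicious attacks against system passwords, and should never be enabled."

# SOLUTION: remediation command string. It resets ownership to root:root first,
# then sets world-readable 644 on passwd/group and owner-read-only 400 on
# shadow/gshadow.
export SOLUTION="chown root:root /etc/passwd /etc/shadow /etc/group /etc/gshadow; \
chmod 644 /etc/passwd /etc/group; \
chmod 400 /etc/shadow /etc/gshadow"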


